Whether working in a coffee shop, waiting at an airport, wandering on a manufacturing floor, meeting in a law office or sitting in a doctor’s waiting room, there’s one thing you’ll likely encounter: sketchy Wifi.
In our age of digital wonder, you can whip out your laptop or tablet, connect, and get straight to work nearly anywhere. Wifi and VPNs are ubiquitous in virtually every enterprise setting, allowing you to get work done in more places than we could have ever imagined 20 years ago.
Unsecured Networks are Everywhere
Just the other day, I was stuck in a lobby waiting for an oil change and decided that I would work in the meantime. I tried to jump on their Wifi, but the usual “[email protected]” password was not working. I ventured forth and asked an employee for the password. They read aloud from a tattered Post-It with a scribbled password on it, only realizing later that it was the corporate wifi (stealthily named “CORP_Wifi”) and for employees only. Eventually, they found the new customer wifi password, and had me connected in no time.
While this situation played out harmlessly, a potentially dangerous and all-too common mistake took place: the network connecting all of the business’s domain resources was exposed by a 3×3 piece of paper. Scarily enough, this is not unlike many other scenarios that happen every day across many SMBs and organizations. In fact, many, if not most, of your customers have had their Wifi SSID and password posted haphazardly on refrigerators, whiteboards and desktops throughout the office, begging to be shared with anyone with a pulse. If you also factor in the proliferation of BYOD in the workplace, it’s almost guaranteed that hundreds of unknown devices and their owners touch those networks each day using that same password.
The Challenge for MSPs
Ignoring exposure to third-party users, once an employee leaves the company, they can maintain network access until the password has been changed. This is particularly troubling, because the disruption of changing the password is so unappealing to businesses that they’ll avoid it for years, leading to endless access for previously connected devices.
In an MSP setting, making changes to a network like this could result in dozens (or hundreds) of users losing connectivity. If this were to happen to even a few of your customers, time would be wasted and company resources would be vulnerable.
In this situation, MSPs find themselves stuck between a rock and a hard place.
- Option 1: Leave the network in its current unsecured state to avoid disrupting business with regular password changes.
- Option 2: Make the password change and disrupt business functions for a temporary fiix until the next time you need to change the password.
Thankfully, there’s an “Option 3” that gives this problem a much better solution.
The Solution: RADIUS
A majority of the risk and inconvenience of password changes can be remedied with a solution that has been around for a few decades: RADIUS. With RADIUS, a user’s directory service credentials replace the traditional shared password for network authentication. RADIUS not only provides visibility of users currently connected to the network, but it can also expand to support VPN connections.
The benefits of identity-based access are numerous, but some key points are:
- Improved security by limiting the users to active domain users
- Simplified network connection the same way you login to your computer
- Increased network security through MFA on both Wifi and VPN connections
Traditionally, deploying RADIUS requires a physical server to configure, maintain, and monitor the service, so clients may not have the infrastructure to support this setup. With that in mind, it’s no surprise that many MSPs don’t consider RADIUS a viable configuration option for many client networks.
Thankfully, this doesn’t have to be the case anymore.
JumpCloud + RADIUS
JumpCloud’s Cloud Directory platform allows you to provide security to your clients in a cost-effective and lightweight package. Our customers can deploy Cloud RADIUS in a matter of minutes, with significantly less technicality required.
With easy deployment, solid security and multi-tenancy at its core, JumpCloud Cloud RADIUS can bring all of these to your networks and your existing supported platforms:
- Built-in encryption with EAP-TTLS, PAP, PEAP in addition to WPA2 Enterprise and RADIUS
- Secure VPN Access with Meraki, Palo Alto, OpenVPN
- Network Segmentation via VLAN tagging
- MFA for Wifi and VPN connectivity
Along with the tangible benefits your clients will experience, MSPs can reap the rewards of their work, knowing that:
- Network deployments will be easier to institute and support with solution uniformity.
- RADIUS will be considered a lower-tier request, freeing up network & infrastructure engineers to focus on more intensive work.
- Network visibility will be increased thanks to devices and identities being tied.
- Audit and compliance requirements will be met or exceeded.
Learn more about how JumpCloud’s Cloud RADIUS can empower your network security.